How BEC plays out
An employee gets an email that appears to come from the CEO or finance director, demanding a confidential, urgent payment or sensitive data. The pressure and secrecy are the point — they stop the employee from checking. The email may come from a spoofed address or from a real account that has been hijacked.
Breaking the con
Agree a rule that no urgent or unusual payment request is actioned without a verbal confirmation on a known number or in person. Remove the fear of questioning a director. Train staff that real leaders expect to be verified, not obeyed blindly.
What it means for you
Credicorp lends to your company, not to you personally, and takes no personal guarantee. See business loans or apply online.
Frequently asked questions
Why do staff fall for CEO fraud?
It weaponises authority and urgency. An employee fears delaying “the boss”, so they skip verification. A clear rule that all such requests are verified removes that pressure.
How do I protect against it?
Require out-of-band confirmation for unusual payments, restrict who can move money, and make it normal to challenge urgent requests.